It’s not the first time this has happened, but scammers are once again using emails to pose as the IRS in an attempt to steal and extort money from the public. The emails mimic the look and feel of the IRS’ communications and bear subject lines such as “Automatic Income Tax Reminder” and “Electronic Tax Return Reminder”. This most recent scam just turned up in the last week or so, and the IRS and its security partner, Security Summit, are eager to get the word out to taxpayers. The Security Summit, by the way, is a partnering between the IRS, major tax preparation chains, tax preparation software providers, and state taxing authorities to combat tax scams and identity theft.

It has been widely reported, but bears repeating again: The IRS does not send unsolicited emails to taxpayers, and the IRS never emails taxpayers about the status of their returns. The latest scam has embedded links to what appear to be an IRS.gov website. The website tries to lure the visitor to sign on by using a one-time or temporary password to access files, tempting the visitor with access to a refund. The goal is to get the visitor to access the files, which turn out to be a strategy to transfer malware and other viruses to the visitor’s computer. Once there, the malware does it thing – collecting personal data and financial information.

The IRS notes that these scams are growing more and more sophisticated, not only in the look and feel of the fictitious communication from the government, but also in the way the scam is deployed across numerous websites, making the scam very difficult to shut down, even after it has been detected.

Taxpayers should bear a very simple rule in mind: The IRS will not contact a taxpayer via email or social media or the phone in an unsolicited attempt to demand payment or financial information. The IRS sends notices via the US mail. Another simple rule that is equally important is that the recipient of an unsolicited email should never open an attachment on that email. This includes emails that appear to be from friends, family, attorneys, accountants, business partners, the IRS, etc. If there is enough concern that the email and attachment might be valid, pick up the phone and call the sender to validate the email. Those rogue emails should be permanently and immediately deleted (not just deleted or sent to trash) from the computer.